I haven't done this exactly, but would suggest something like this.
Start with an extended object that leverages something like SUBINACL.EXE (resource kit) or SETACL.EXE (sourceforge.net).
Wrap that exobj in a component template to do your audit.
/audit ace count =0
/perm. ace count =1
/pace =everyone ACCESS_ALLOWED_ACE_TYPE-0x0
will that work running as a local account on the box? the local administrator should be able to see shares on their own system right? if that works, that does look like the best way to do it, just wrap an EO around the commands.
run following command to list share folders:
wmic share get name